Spyware, Viruses, & Security forum


NEWS - February 11, 2013

by Carol~ Forum moderator / February 10, 2013 11:12 PM PST
Yahoo! Pushing Java Version Released in 2008

At a time when Apple, Mozilla and other tech giants are taking steps to prevent users from browsing the Web with outdated versions of Java, Yahoo! is pushing many of its users in the other direction: The free tool that it offers users to help build Web sites installs a dangerously insecure version of Java that is more than four years old.

Yahoo! users who decide to build a Web site within the Internet firm's hosting environment are steered toward using a free tool called SiteBuilder, which is designed to make building simple Web sites a point-and-click exercise. Yahoo! has offered SiteBuilder to its millions of users for years, but unfortunately the tool introduces a myriad of security vulnerabilities on host PCs. [Screenshot]

SiteBuilder requires Java, but the version of Java that Yahoo! bundles with it is Java 6 Update 7. It's not clear if this is just a gross oversight or if their tool really doesn't work with more recent versions of Java. The company has yet to respond to requests for comment.

But this version of Java was first introduced in the summer of 2008 and is woefully insecure and out-of-date. Oracle just released Java 6, Update 39, meaning that SiteBuilder installs a version of Java that includes hundreds of known, critical security vulnerabilities that can be used to remotely compromise host PCs.

Continued : http://krebsonsecurity.com/2013/02/yahoo-pushing-java-version-released-in-2008/
Post a reply
Discussion is locked
You are posting a reply to: NEWS - February 11, 2013
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - February 11, 2013
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Google, Dropbox, Comcast on List of Malware Hosting Domains
by Carol~ Forum moderator / February 10, 2013 11:17 PM PST


The security company F-Secure recently released a list the top malware hosting domains which included Google, Dropbox, Comcast, and other popular websites. Before you freak out, there's a very good reason for them to be on that list.

Now, of course Google and Dropbox aren't secretly hording malware intentionally. Rather, they either host links or allow users to upload files which could be malicious. "The greatest amount of malicious content came from contenthosting sites," writes F-Secure in their report. "In H2 2012 we saw that 56 out of [the] top 1000 sites, or 5.6% of the top sites, hosted malicious content, usually a link or redirection to malware or phishing scam."

It would seem that these sites are victims of their own success, being enormously popular and also providing services that inadvertently help perpetuate malware. This is similar to how Google Play ranked as only the fifth safest Android app store, because of its sheer size.

Continued : http://securitywatch.pcmag.com/none/307918-google-dropbox-and-comcast-on-list-of-malware-hosting-domains

Collapse -
Pope to resign - Twitter sex spammers exploit breaking story
by Carol~ Forum moderator / February 10, 2013 11:17 PM PST
Pope Benedict XVI to resign - Twitter sex spammers exploit breaking news story

Within seconds of the news breaking that Pope Benedict XVI was to resign, spam began to appear on Twitter taking advantage of the story.

Messages using the hashtag #pope - but with no connection whatsoever with the developing news story of the first Papal resignation for hundreds of years - have sprung up on the social network.

Most of the messsages are being posted from accounts which feature images of young women in a state of undress (rather than a state of distress, which is what you would devout expect Catholic followers of @Pontifex to be feeling right now). [Screenshot]

What is happening here is what we see every day on Twitter - whether there is a Papal resignation or not.

Continued : http://nakedsecurity.sophos.com/2013/02/11/pope-resigns-twitter-spam/

Related: Pope's resignation exploited by Twitter spammers
Collapse -
Oracle to re-release Java SE patch w/ extra helping of fixes
by Carol~ Forum moderator / February 11, 2013 2:03 AM PST

"Oracle didn't have time to fix all the Java bugs when it released its out of band patch earlier this month, so now there's a redux on the way. "

Thought you'd sorted the problems with Java SE already this month? Think again — a new patch is on the way.

Oracle may have released a fix for 50 Java SE vulnerabilities in its out of band update at the start of February, but administrators will need to patch the software again: the company has announced an updated patch will shortly be made available, bringing a "small number" of fixes that Oracle could not include in time for the first patch's release.

The original Critical Patch Update (CPU) for Java SE was due to be released on 19 February, but Oracle brought it forward to close a zero-day flaw affecting the Java Runtime Environment in desktop browsers that was already being exploited by attackers.

"As a result of the accelerated release of the Critical Patch Update, Oracle did not include a small number of fixes initially intended for inclusion in the February 2013 Critical Patch Update for Java SE," Oracle's director of software security assurance, Eric Maurice, announced on the company's blog on Friday.

Continued :http://www.zdnet.com/oracle-to-re-release-java-se-patch-with-extra-helping-of-fixes-7000011113/

Collapse -
Dorkbot worm lurks on Skype and MSN Messenger again
by Carol~ Forum moderator / February 11, 2013 2:03 AM PST

The Dorkbot/Rodpicom worm, which spreads via messaging applications and leads to additional malware infections, is currently doing rounds on Skype and MSN Messenger, warns Fortinet.

The vicious circle starts with potential victims receiving a direct message from a contact, asking "LOL is this your new profile pic? http://goo. gl/[removed]". Those who follow the link land on a malicious site and are infected with the worm.

Apart from being able to send out the aforementioned message to further potential victims, the malware is also capable of opening a backdoor into the infected system, downloading more malicious software, spamming, reaching out to its C&C server, downloading a new version of itself, and other malicious activities. The computer is essentially enslaved into a botnet and is ready to do the botnet master's bidding.

It's interesting to note that the worm waits until the victims log into the chat app they use and then send out the messages. It is also able of changing the language of the message to be consistent with the language of the installed Windows operating system, making it more believable that the message has been sent by the user.

Continued : http://www.net-security.org/malware_news.php?id=2408

Collapse -
Cyber Threats Increase around Valentine's Day
by Carol~ Forum moderator / February 11, 2013 2:03 AM PST

Most people are eagerly waiting for Valentine's Day. The day is an opportunity to spread affection and excitement amongst loved ones by exchanging gifts. Last year we observed prominent spam attacks using Valentine's Day as bait. Messages promoted unbelievably discounted jewelry, dinning opportunities, and expensive gifts.

This year, various Valentine's Day spam messages have started flowing through Symantec's Probe Network. The top word combinations used in spam messages include the following:

• Find-Your-Valentine
• eCards-for-Valentine
• Valentine's-Day-Flowers

The e-card spam message, shown in Figure 1, arrives with a malicious attachment called ValentineCard4you.zip. After opening the attachment, malware is downloaded on to the user's computer. Symantec detects the attachment as Backdoor.Trojan.
[Screenshot: E-card spam with malicious attachment]

Continued: http://www.symantec.com/connect/blogs/cyber-threats-increase-around-valentine-s-day

Collapse -
Money Transfer Spam Campaign with HTML Attachment
by Carol~ Forum moderator / February 11, 2013 2:04 AM PST

From the Symantec Security Response Blog:

Phishers love to arouse curiosity and/or fear in the user's mind and this stimulus can compel people to set aside all caution as well as any safety measures they might have in place to avoid such scams.

In a recent spam sample seen in our probe network, we observed that by taking advantage of human curiosity, users can easily be duped into disclosing sensitive information to unknown persons. In order to ensure awareness of this campaign, and others like it, we will discuss this phishing scam in more detail.

In a slight variation to the telegraphic transfer spam attack seen in the past, we see that the message has a HTML attachment, instead of an archived executable file. As shown in Figure 1, users are advised to confirm a pending transaction with their bank and also told that there is a copy of a bank slip attached. [Screenshot]

Continued : http://www.symantec.com/connect/blogs/money-transfer-spam-campaign-html-attachment

Collapse -
Spammed Malware Campaign Targets Citi Group Customers
by Carol~ Forum moderator / February 11, 2013 6:57 AM PST

Bitdefender's "HOTforSecurity" Blog:

Clients of Citi Group, the third largest bank holding company in the US, are targeted by scammers who collect passwords and open backdoors for unauthorized remote attackers or download malware on the compromised systems.

This attack seems part of a greater campaign conducted by the group behind other two malicious spam messages that in January had Better Business Bureau and DocuSign clients open malicious attachment sworn to be legitimate, confidential and time sensitive.

Now it's time Citi clients keep an eye open for e-mails that read "You have received a secure message" inviting them to read the message by opening the attachments securedoc.html. [Screenshot]

The emails include a link and an attachment. While the link is harmless, taking receivers to the legitimate Citi page, the attachment is a password stealer that opens a backdoor for remote attackers. Some instances appear to also download components of the BlackHole or ZeuS exploit kits.

Continued : http://www.hotforsecurity.com/blog/spammed-malware-campaign-targets-citi-group-customers-5322.html

Popular Forums
Computer Help 51,224 discussions
Computer Newbies 10,453 discussions
Laptops 20,090 discussions
Security 30,722 discussions
TVs & Home Theaters 20,937 discussions
Windows 10 1,295 discussions
Phones 16,252 discussions
Windows 7 7,684 discussions
Networking & Wireless 15,215 discussions


Enter for your chance to win* a game hardware bundle

One lucky winner will walk away with a gaming monitor, keyboard and mouse. Two lucky runners-up will score a gaming headset.